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FOREWORD 

This Indian Standard (First Revision) was adopted by the Bureau of Indian Standards, after the draft finalized by 
the Nuclear Instrumentation Sectional Committee had been approved by the Electronics and Telecommunication 
Department. 

The use of process computers with nuclear reactor units has become general. Widespread use is made of computers 
as a means of enhancing conventional instrumentation and control such as start-up checks of the reactor, 
surveillance of parameters against alarm limit, closed loop control and expert systems for operators guidance. 
The data acquisition systems are networked for sharing of information for operator guidance and control 
applications. The assignment of tasks vital to plant operation to computer systems requires careful consideration 
of the factors affecting availability and reliability, when determining the system configuration. This standard 
will be of interest to the managers of nuclear power plants as well as the manufacturer and suppliers of the 
computer systems used by them. 

This standard was earlier published in 1 989 and was identical to lEC 643 ( 1 979). This revision has been undertaken 
keeping in view the advancement of technology and changed indigenous requirements. 

For the preparation of this standard, assistance has been derived from lEC 60643 (1979) 'Application of digital 
computers to nuclear reactor instrumentation and control' and lEC 61226 (1993) 'Nuclear power plants — 
Instrumentation and control systems important for safety — Classification', issued by the International 
Electrotechnical Commission (lEC). 

The composition of the Committee responsible for formulation of this standard is given in Annex A. 
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Indian Standard 

APPLICATION OF COMPUTERS TO NUCLEAR 
REACTOR INSTRUMENTATION AND CONTROL 

( First Revision ) 



1 SCOPE 

1.1 This standard specifies the principles that should 
be followed in the use of digital computers for alarm, 
instrumentation, record control and equipment 
protection purposes including expert systems on 
nuclear reactor units. This standard serves as a guidance 
to the application of digital computer systems. 

1.2 This standard applies to all on-line applications of 
digital process computer systems to nuclear reactors 
and to off-line applications immediately associated 
with the on-line system, such as would normally use 
the same equipment. The recommendations are based 
on recognized practice in the process computer field 
and are functional in nature. These recommendations 
are not intended to affect the obligations that a supplier 
of equipment, services or programmes may have for 
satisfactory performance in any specific application. 
General recommendations are given for the application 
of such systems, for the equipment and programmes 
and for performance and maintenance. 

2 TERMINOLOGY 

For the purpose of this standard, the following 
definitions shall apply. 

2.1 OigitalComputerSystem, Computer System — 

An equipment consisting of CPUs, storage units, input/ 
output, communication units, computer programmes, 
but not including the measurement transducers or 
actuators. 

2.2 Nuclear Power Plant — All that plant including 
the nuclear reactor and its protection systems, coolant 
systems and electrical supplies which is necessary for 
the generation of electricity, or the generation of 
thermal power. 

2.3 Analogue Signal — A time-continuous signal 
whose amplitude is directly related to the information 
conveyed by the signal. 

2.4 Binary Signal — A two-state signal. 

2.5 Computer Log, Log — A pre-specified legible 
record of nuclear power plant conditions made by the 
computer system on demand or automatically, in 
permanent form. 

2.6 Availability — The proportion of time for which 



the computer system is capable of performing all 
specified Unctions. 

2.7 Reliability — The probability that an item will 
perform a required function under stated conditions 
for a stated period of time. 

2.8 Redundancy — The existence of more than one 
means of performing a given function. 

2.9 Digitized Signal — A coded signal hold in binary 
form, whose information is equivalent to an analogue 
signal at a discrete time. 

2.10 On-Line — The mode of operation of the 
computer system in which the input data used by the 
programme being performed is acquired in real time 
from the process plant to represent its current state. 
An output function is usually available when the system 
is on-line. 

2.11 Off-Line — The mode of operation of the 
computer system in which the input data used by the 
programme being performed is independent of the 
current state of the process plant. 

3 APPLICATION CLASSES 

3.1 The tasks assigned to the digital computer system 
are grouped into three application classes related to 
nuclear power plant operational requirements. 
Consequently, these three classes have varying 
requirements for availability, redundancy reliability 
and functional requirements of the associated computer 
system {see 6). 

3.1.1 Class I A 

Systems dedicated to performing safety critical 
functions for reactor protection such as supervision of 
reactor core against excess reactivity, flow blockage, 
protection logic and so on. 

2.\.2 Class IB 

System that play a complimentary role to the Class 
lA systems in performing safety critical function for 
reactor protection such as reactor power regulation, 
on-line testing of Class lA systems, moderator level 
controls, reactor start-up checks, fuel handling 
control, interlocks, primary coolant pressure or flow 
control. 
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3.1.3 Classic 

Systems dedicated to acquisition of plant data and 
display of information towards enhancing the plant 
operation and safety are classified as Class IC. Failure 
of class IC systems may result in a degradation of 
overall nuclear power plant performance but will not 
have direct safety implications. These systems are not 
directly involved in mitigating the physical 
consequences of a postulated initiating event (PIE). 

Examples :Ox\-\\ne expert systems for operator 
guidance, graphic user interface (GUIj^ystems (history 
trend, mimic display, bar chart display), process 
disturbance analyzer, events sequence recorder, and 
on-line computational systems such as thermal balance, 
reactivity balance, etc. 

4 DETERMINATION OF APPLICATION CLASS 

4. 1 Where a nuclear power plant operational function 
is to be performed by a computer system, the 
application class shall be determined, in order to 
determine the redundancy and reliability of equipment 
needed. This can be done by considering the 
consequences of operation on short-term or long-term 
loss of that function. Where a nuclear power plant 
operational function is considered as a possible 
computer task, the computer application class that is 
thereby required shall be considered carefully. This 
consideration should take account of alternative or 
standby equipment needed, together with economic, 
technical and safety factors. 

4.2 Factors in determining the application class also 
depend upon the importance of information required 
by different agencies such as operational, maintenance 
and managerial staff. 

5 COMPUTER FUNCTIONS 

5.1 The tasks which can be performed by on-line 
computers in association with nuclear power plant 
include: 

a) Functions where nuclear power plant 
conditions are monitored and nuclear power 
plant trips or other action taken for equipment 
safety or availability. 

b) Automatic testing of control or equipment 
protection system or reactor protection system 
functions. 

c) On-line determination of margins to trip and 
status of nuclear power plant for evaluation 
by the operators. 

d) Interlock functions where nuclear power plant 
conditions are monitored and adverse 
operator action prevented directly. 

e) Control of nuclear power plant operation by 



implementation of control algorithms. 

f) Sequential operation of nuclear power plant 
in association with start-up, shutdown or 
otherwise. 

g) Sequential operation to control 
instrumentation systems such as, for example, 
burst can detection, or neutron fluence rate 
scanning. 

h) Control of fuel handling operation. 

j) Derivation of significant alarms by signal 
processing and analysis. 

k) Detection of alarm states from analogue 
signals and binary signals. 

m) Logging of nuclear power plant operational 
states. 

n) Derivation of nuclear power plant operational 
information by calculations, of data relating 
to the operation of the installation used for 
instrumentation and for physics assessments, 
for records, or for licensing purposes. 

p) Special display or recording methods for 
indication of histories, trends, reactor 
conditions, complex nuclear power plant 
conditions or configurations. 

q) Recording of alarm states as logs. 

r) Display of nuclear power plant signal states 
and values, to allow or aid correct operation. 

s) Data acquisition and analysis of alarms 
detected and of alarms existing to allow or 
aid correct operation (expert systems). 

6 AVAILABILITY AND RELIABILITY 

6.1 General 

6.1.1 Where the system design is such that degraded 
performance results from failure of a system element, 
availability of each function can be calculated from 
the total time during which each function was 
performed or was available for performance. 

6.1.2 Availability of a function is dependent on the 
reliability of the devices used to perform the function. 
Redundant devices can be used to increase reliability. 
Care should be taken that additional monitoring, 
switching or other equipment needed to use redundant 
devices does not in fact reduce the overall availability 
of the function. 

The reliability of the power supply sources for the 
computer system shall be appropriate to the application 
classes of the functions performed. 

6.2 Reliability Requirements 
6.2.0 General 

Reliability requirements should be commensurate with 
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the criticality of the functions performed by the 
computer based system. Quantitative reliability target 
or on demand failure probability, as appropriate shall 
be specified for computer based system. Similarly 
spurious failure probability and availability shall be 
specified using appropriate quantitative metric. 

6.2.1 Class /A 

For Class lA application, no single fault should lead 
to complete loss of computer functions. These systems 
shall be built to achieve high reliability figures. 
Redundant and/or diverse, system configurations may 
be adopted to achieve the desired reliability figures. 
The reliability requirement of this Class of systems is 
one order higher than the reliability requirement of 
Class IB systems, 

6.2.2 Class IB 

For Class IB applications, no single fault should lead 
to complete loss of the computer functions. The system 
configuration necessary to fulfil this requirement 
entails the use of redundant components and systems. 

6.2.3 Class IC 

For Class IC applications, single fault may cause a 
partial loss of computer system facilities or total loss 
in the case of certain defined faults. A typical computer 
system, providing the normal source of alarms and of 
data and providing extensive logs, monitoring and 
display, with limited sequential control, and with 
minimum back-up instrumentation including 
operational aid can be expected to meet the required 
reliability for Class IC. 

6.3 When designing the computer system due 
consideration should be given to the choice of reliable 
equipment to assure an adequate mean time between 
failures (MTBF) and to the provision of means for 
rapid fault detection. Design shall consider use of 
modularity so as to enable ease of identification and 
replacement of faulty modules without compromising 
security. 

6.4 The reliability of power supply sources for the 
computer system shall be appropriate to the application 
clauses of the functions performed. 

7 GENERAL FACTORS 

7.1 System Functions 

7.1.1 A computer system may provide control and 
information functions for the nuclear power plant 
operators. These functions and the display units, 
printers and controls over the computer system 
operations should be fully integrated into the control 
room design and nuclear power plant operational 
concepts. 



7.2 Computer System Equipment 

7.2.1 The planning of computer system should consider 
its location, electrical supplies and operating 
environment (such as climatic conditions, radiation 
level, vibration and so on). The design of the computer 
system equipment should take account of the different 
types of station instrumentation and alarm signals. It 
should account for any electrical interferences likely 
to exist. 

7.2.2 Design should allow for input signal scanning 
rates compatible with the behaviour of the nuclear 
power plant. It should take care of signal types, ranges, 
desired accuracy and interfaces of the systems. The 
computers storage systems and connectivities should 
have response times appropriate to the functions to be 
performed. 

7.2.3 Design should also take into account 
requirements of access to the systems (access to 
hardware or software) and ensure that access is granted 
as per needs of persons and at different level namely, 
operator, supervisor, maintenance personnel, etc, 
through secure means such as hardware key interlocks 
and/or passwords. 

7.2.4 The staffing for operation and for maintenance, 
the availability of spare modules and the repair of faults 
should be considered. 

7.2.5 Where printout equipment is used, it should be 
suitably sound-proofed or placed in a separate room 
or enclosure. 

7.2.6 Design should also take into account 
requirements of access to the systems (access to 
hardware or software) and ensure that access is granted 
as per needs of persons and at different level, namely 
operator, supervisor, maintenance personnel etc, 
through secure means such as hardware key interlocks 
and/or passwords. 

7.3 System State Indication 

All computer based systems should be time 
synchronized with the help of a station master clock. 
The nuclear power plant operators should have direct 
indication of the operational condition of the computer 
system. Alarms should be provided on major failure 
of the computer and the computer itself should provide 
alarm information on failure within the computer 
system units. The computer record of time and data 
should be available for post incidence analysis. 

7.4 Operator Control of Computer Functions 

7.4.1 The nuclear power plant operators should have 
simple direct controls over the computer on-line 
operation. Push button controls, keyboards, mouse, 
touch screen display, numerical code selection, etc. 
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may be used. Direct push button or switch actions close 
to display units should be used to control alarm and 
data displays. An index of displays should be available 
to the operator. 

7.4.2 An acknowledgment signal should be provided 
by the computer within a stipulated time when the 
operators request a function. A signal should be 
provided when a function is completed. 

7.4.3 Where monitoring, control or equipment 
protection fijnctions are involved, alterations of settings 
and controls for operation or for equipment protection 
system use shall have locks or appropriate 
administrative control over their use. On demand, the 
printout or display of settings shall be available. 

7.4.4 The response time for a request for a display 
should be adequate for the application. Displays should 
include alternating or changing marks to indicate 
conditions such as, trip messages and trip clear 
messages of parameters (messages shall b6 in 
distinctive colours). 

7.5 System Operation 

7.5.1 The detailed aspects of system operation should 
be appropriate to the application class. Facilities are 
required to load, initiate, start, stop and restart the 
programme of the computer system. Programmes are 
required to allow continuation of system functions at 
a changeover. On-line fault detection and self- 
monitoring programmes are required to detect loss of 
performance of the system equipment and to provide 
appropriate indications and records of such failures and 
automatic changeover to any hot standby equipment. 

7.5.2 Modification may be needed to programmes and 
to the system data which specifies the content of logs 
and displays, the alarm levels, system reference data, 
control and equipment protection settings. Suitable 
methods for including such modifications should be 
considered, with adequate security related to the 
consequence of the modification for reactor operation 
and control, and equipment protection. The means of 
administrative control, checking for corrections and 
recording of changes to programmes and data should 
be considered. 

7.6 System Programmes 

7.6.1 In a computer programme, the undesired or 
incorrect modes of operation of the programme couid 
be due to errors of specification, errors of logic and 
failures of implementation and coding. 

Particular attention should be paid to clarity and 
simplicity of structure of programmes and to the 
documentation of the programme modules. The 
separation of programmes as independent modules 



with defined interfaces is desirable. The interaction of 
programme modules with each other should be 
considered and the system action considered in the 
presence of an incorrect or undesired programme 
module and in the presence of malfunctions of the 
hardware. Appropriate self-monitoring programme 
features are desirable. 

7.6.2 To ensure the system is adequate for the fimctions 
required, the performance should be analyzed. The 
programme timing, the times of execution and 
responses should be evaluated in relation to the desired 
overall system performance for different operating 
circumstances. This analysis may involve 
consideration of each programme module performance 
at each extreme of its input data and noise coupled 
with the input signal. The analysis should precede 
detailed implementation, if possible. 

7.6.3 The programme modules and the computer 
programme system should be fully tested and 
documented before on-line operation. Verification tests 
of programme modules, individually and as operating 
groups, are necessary. Confirmation of the 
performance analysis by practical tests is required. 
Records should be kept of the test results of the 
programme modules and overall programme tests. The 
computer systems shall undergo verification and 
validation from competent external agency. 

8 LOGGING AND RECORDING 
APPLICATIONS 

8.1 General 

8.1.1 The computer system may be used to provide 
records of nuclear power plant conditions. Records 
may be provided as output from printers on floppy 
disks, cassette tapes, compact disk devices or by other 
means. 

8.1.2 Printed logs are required for assistance in: 

a) Immediate analysis of nuclear power plant 
performance, and 

b) Long-term analysis of nuclear power plant 
performance. 

All logs should include nuclear power plant 
identification, reactor unit identity, date and time in a 
standardized position, provided by the direct action of 
the computer. A method of manual initiation of each 
record should be provided. When a printed log is made 
from a record, the form of output should be readily 
understandable. 

8.1.3 Where very fast transients are involved (for 
example electrical faults) special equipment may be 
needed to memorize the sequence of the transient. 

8.1.4 Logs may be provided for management and 
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operational purposes. These may show information for 
daily operation reviews, shift changeover, alarm and 
history record purposes. On appropriate computer 
systems, logs may cover long-term and short-term 
thermal balances, incident histories, maintenance and 
trends and automatic accumulation of averages of 
major parameters. A log of all inputs is desirable for 
off-line analysis and performance evaluation. 

8.1.5 Where a computer system is used for nuclear 
power plant control, an automatically-initiated log of 
selected control actions and changes of control state is 
desirable. Where a computer is used for equipment 
protection, an automatic log should be made of the 
conditions which caused protective action to be taken. 

8.2 Incident History Reviews 

8.2.1 Logs may be provided to show the values of 
nuclear power plant measurements before, during and 
after selected nuclear power plant incidents. The 
initiation conditions for these logs should be carefully 
and exactly determined. Excessive amounts of output 
information should be avoided. The chronology should 
be clearly shown. Analogue trends, before and after 
an incident, should be recorded for significant periods 
related to the scan interval of each variable, and the 
incident. 

8.3 Alarm Logs 

8.3.1 Logs should be provided to show all the alarms 
detected by the computer system in the chronological 
order of detection. These should show the times of 
detection and the alarm identities. It can be an 
advantage, if alarms detected from analogue signals 
are recorded with the value of the associated analogue 
signal, or of the signal limit value. The log may be 
printed at routine intervals, or on demand. Alarm logs 
should be provided as a clear printout suitable for 
immediate analysis. 

8.3.2 Separate logs should be provided to show all 
alarms that exist and any alarms or input signals which 
are inhibited or suppressed. 

8.4 Plant State Logs 

8.4.1 Logs may be required from the computer to show 
the condition of nuclear power plant states not 
indicating alarms, or the changes of these states. 

9 NUCLEAR POWER PLANT MONITORING 

9.1 Analogue Alarm State Monitoring 

9.1.1 Provisions should be made to allow analogue and 
digitized signals to be checked at routine intervals 
chosen with reference to significant nuclear power 
plant transients. Provisions to allow alarms limits to 
be allocated to any analogue signal are desirable. 



Special checks may be required, where an alarm limit 
is derived from other signals. Where alarm limits on 
rates of change are required, care is necessary to avoid 
false alarm initiation. 

9.1.2 Where hysteresis or confirmation logic is 
included, care should be taken to avoid suppressing 
alarms incorrectly. 

9.1.3 Alarm checks on analogue signals should be 
simple and direct, so that nuclear power plant 
operational staff understand directly the nature of the 
malfunction detected. The alarm should be handled in 
the same manner as any binary signal alarms detected 
by the computer system. Facilities to detect faulty input 
signals are desirable. 

9.1.4 A means of removing individual signals which 
are known to be irrelevant fi-om alarm monitoring may 
be an advantage. 

9.2 Binary Alarm State Monitoring 

Provisions should be made to monitor the state of 
binary inputs to detect alarms states. It is desirable that 
a standard convention on the binary state representing 
an alarm is established for the nuclear power plant. 
Certain binary inputs may have no alarm significance, 
but indicate nuclear power plant states or control states. 
These inputs should be clearly distinguished from 
alarms. 

9.3 Alarm Conditions 

Nuclear power plant can be monitored for alarms 
directly from an analogue signal or a binary signal, or 
indirectly by logic processing of such signals. The 
current state of alarm conditions should be stored for 
use by alarm log, display and analysis functions. 

9.4 Alarm Analysis 

9.4.1 Where many alarms can be detected by the 
computer system, it may be desirable that the most 
significant alarms arising at any nuclear power plant 
failure are detected and specially presented to the 
control operators. The method of analysis to detect the 
most significant alarms should be fast and simple. It is 
undesirable for the detection of an alarm to require an 
extensive programme search of other alarm conditions 
or extensive bulk data store system transfers. 

9.4.2 Protection which may be used for alarm analysis 
include: 

a) Pre-defined classes of urgent and non-urgent 
alarms. 

b) Dynamic checks when one alarm is detected, 
to judge its importance compared to other 
existing alarms, using pre-defined criteria. 

c) Logic operations to group or deduce alarms 
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conditions, using pre-defined logic processes 
for alarms, 
d) Logic operations to condition the display of 
one alarm, dependent on the state of other 
input signals and alarms. 

9,4.3 To allow for unforeseen Jiuclear power plant 
circumstances, the operator should be able to display 
the primary nuclear power plant conditions detected 
by the computer independently of the analysis process 
followed. This applies specially when automatic 
inhibition of alarms is used. 

9.5 Alarm Validation and Filtering 

9.5.1 The following alarm validation and filtering 
techniques shall be used: 

a) Confirmation of alarms conditions in 
subsequent scanning cycles, and 

b) Filtering of alarms from parameters of 
equipment which are under maintenance. 

10 DISPLAY SYSTEMS 

10.1 General 

10.1.1 Displays can be provided for control room 
operators and for use by specialists for flexible 
alphanumeric and graphical application. 

10.1.2 All displays should be designed for clarity and 
ergonomic principles should be followed in design of 
the display layout. Analogue data on nuclear power 
plant conditions should be updated at a rate able to 
show nuclear power plant changes satisfactorily and 
alarm data should be refreshed when a change is 
detected. It may be an advantage if a permanent record 
of any display can be made on demand. The means of 
modification of the display format should be 
considered. 

10.2 Data Displays 

10.2.1 Displays of data should be available to show a 
clear indication of each signal title and its value in 
appropriate units, or its state. 

10.2.2 Displays should be designed by study of 
operation of nuclear power plant items, routine or 
standard operational patterns and specific parameter 
survey requirements. 

10.2.3 Display facilities which can be advantageous 
are: 

a) Any analogue input; 

b) Any binary input; 

c) Auto/manual or control system states; 

d) Inputs inhibited or deleted from scans; 

e) Any output states; and 

f) Any stored information. 



10.3 Trend Displays 

10.3.1 Where suitable equipment is available, trend 
displays can provide the immediate past values of 
selected signals. It is desirable to show the trend as a 
normal graph, where time is represented by the X-axis 
of display and value by the Y-axis. 

10.3.2 It is ergonomically preferable that the past trend 
displayed remain steady and that latest values are added 
to the right of the graph. Standardized periods of 
accumulation of past values at appropriate sampling 
rates should be chosen from considerations of nuclear 
power plant performance. A typical accumulation 
period is 30 min. Where a trend can be displayed, the 
computer record of past values should be available as 
a permanent record. 

10.4 Display of Plant Schematic Diagrams 

10.4,1 Where suitable equipment is available, nuclear 
power plant measurements and conditions can be 
presented in diagrammatic form. Colours and symbols 
can represent nuclear power plant conditions and 
interrelationships between nuclear power plant items 
may be shown in the diagrams. Considerations should 
be given to the method of recording the displayed 
information. 

10.5 Alarm Displays 

10.5.1 The display of alarms to nuclear power plant 
operators shall be rapid and simple. The display 
operating modes should follow as closely as possible 
the established sequences of conventional alarm 
annunciation systems. Alarm messages may be 
presented using a set of sequential pages. The operator 
should be able to turn fi*om one page to an adjacent 
page by operation of a single control. It should be 
possible for the operator to obtain a permanent record 
of any alarm display. 

10.5.2 The design should be such that the sudden 
detection of a large group of alarms does not adversely 
affect system performance or cause loss of alarm 
information. The alarm display system should be able 
to operate normally with any number of alarms existing 
on the nuclear power plant. 

10.5.3 It is desirable that the display of an alarm take 
the form of a reference code (such as the input address) 
and a clear and unambiguous title. Where abbreviations 
are used, they should be of established use within the 
overall nuclear power plant nomenclature. The use of 
abbreviations should be minimized, but where a 
nuclear power plant system is normally referred to by 
an abbreviation, that abbreviation should then always 
be used. 
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11 CALCULATIONS 

11.1 Nuclear Power Plant Performance Calculations 

Based on the scanned data, computer systems may be 
used to carry on the following computational functions: 

a) Reactor thermal output; 

b) Neutron fluence rate distribution; 

c) Power density distribution; 

d) Departure from nucleate boiling ratio 
(DNBR); 

e) Critical heat flux ratio; 

f) Electrical, thermodynamic and flow 
calculations for nuclear power plant 
performance; 

g) Turbine and other nuclear power plant items 
performance; 

h) Control rod bum-up; 

j) Fuel management; 

k) Fuel bum-up for individual fuel elements; 

m) Summated core fuel burning; 

n) Core reactivity and reactivity balance; 

p) Xenon-iodine poisoning predictions; 

q) Control rod position; 

r) Control strategy for load forecast plant; 

s) Radioactive effluent; 

t) Evaluation of spectrograph ic analysis; 

u) Fuel element cladding or coating failure; 

v) Calculations for first approach to criticality; 

and 

w) Estimation of water leak in steam generator 

of fast breeder reactors. 

11.2 Specification of Calculations 

11.2.1 Nuclear power plant performance calculations 
done on-line or off-line should take into account 
normal instrumentation limitations. 

1 1.2.2 A clear definition of the performance calculation 
should be made showing relevant formula, nuclear 
power plant operating conditions, parameters, signals 
and constants used and the purpose of the calculation. 

11.2.3 In drawing up specifications for nuclear power 
plant performance calculations, the following aspects 
shall be taken into account: 

a) Results shall be reproducible; 

b) Nuclear power plant instrumentation has 
limited accuracy; 

c) Definition of nuclear power plant status for 
calculation is essential; 

d) Purpose for which calculation is intended 
should be clearly defined; 



e) Formula used shall be defined; 

f) Distinction shall be made between constants 
(invariable) and parameters (variable); 

g) Plausibility checks for measured values shall 
be clearly defined; and 

h) Timing requirements should be clearly 
defined. 

11.2.4 Consideration of the immediate value of the 
information required for nuclear power plant operation 
should be used to determine whether a calculation 
should be performed on-line, or on an external 
computer. If, calculation is required frequently during 
any day to maintain satisfactory operation, or if it uses 
the current data on the nuclear power plant, it should 
be done on-line depending upon the feasibility. If it is 
required on an infrequent basis for longer-term 
operation, or where the application class allows this, it 
may be done with an off-line computer system. If the 
calculation requires extensive data or records not 
normally or readily held in the computer system, it 
should be done on an external computer. 

12 NUCLEAR POWER PLANT CONTROL 

12.1 Sequential Control 

12.1.1 A computer system can be used for automatic 
sequential control of nuclear power plant start-up, shut- 
down and standby selection and for control of sampling 
or sequentially scanned instmmentation systems, and 
for control of refuelling operations. 

12.1.2 Manual controls should allow isolation of 
nuclear power plant from the computer. A control 
interface system is needed to match the computer 
output to the control functions of the control room and 
the nuclear power plant. 

12.1.3 The computer programmes should be organized 
into functional groups related directly to the sequential 
control tasks. These groups should allow independent 
nuclear power plant commissioning of each control 
task and should permit alterations to match changes to 
nuclear power plant characteristics. 

12.1.4 The state of the nuclear power plant which is 
controlled should be checked by the computer to detect 
malfunction of the control outputs or nuclear power 
plant actuators. 

12.2 Closed Loop Control 

12.2.1 A computer can be used for control of the normal 
operation of nuclear power plant. The advantages are 
improved flexibility of control and the possibility of 
adaptive control. 

12.2.2 Particular care should be taken to determine the 
computer application class, by consideration of the 
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control system reliability required. 

12.2.3 Computer closed loop control can be done at 
two levels: 

a) Output of set points to normally operating 
control units provided with their own standby 
facilities external to the computer; and 

b) Output of control signals directly to nuclear 
power plant, with provision of a standby 
facility separate from the computer. 

Particvilar consideration should be given to the time 



taken by the computer to acquire and process data and 
to output control signals. 

12.2.4 The computer control system shall have 
provision to check the healthiness of sensor and final 
actuation element wherever possible and ensure bump 
less control transfer, if required. 

12.2.5 The computer system should allow alteration 
of all control parameters during normal operation. 
These parameters may be set points, control constants 
and offsets. An output of all parameter values in use 
should be available to the operators. 
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